IN THE CLAIMS 

1. (Currently Amended) A method for transporting encrypted media,
comprising:

receiving a call request over a packet switched network at a first gateway that is 
located between the packet switched network and a circuit switched network; 

comparing a phone number included in the call request with entries in a local dial plan 
located at the first gateway; 

sending one or more signals from the first gateway to a source endpoint when the 
phone number included in the request matches one of the entries in the local dial plan, the 
signals directing the source endpoint to encrypt media packets for the requested call using a 
protocol for encrypting real-time media; 

determining whether a remote second gateway that is located on a transfer path for the 
encrypted media packets that are received according to the signals and that is located between 
the circuit switched network and the same or another packet switched network is configured 
for end-to-end secure transport when the requested call is to be transferred using the circuit 
switched network; 

establishing an Internet Protocol (IP) link over the circuit switched network extending 
from the first gateway to the second gateway when the second gateway is configured for end- 
to-end secure transport; and 

transferring the encrypted media packets over the established IP link, 

receiving a request to transport encrypted Internet Protocol (IP) media packets over a
circuit switched network;

establishing an IP link over the circuit switched network;

receiving encrypted IP media packets corresponding to the request, the encrypted IP
media packets having encrypted layer four transport layer headers and layer three network
layer headers;

replacing the existing layer three network layer headers with locally generated layer
three network layer headers independently of the encrypted layer four transport layer headers
and without replacing the encrypted layer four headers such that encryption protecting the
layer four headers and corresponding encompassed payloads is preserved and not locally
decrypted; and

transporting the revised encrypted IP media packets over the IP link established over
the circuit switched network.

2. (Currently Amended) A method according to claim 1 further including:
decrypting the encrypted media packets locally at the first gateway when the remote
second gateway is not configured for end-to-end secure transport;

formatting media included in the encrypted media packets into a Packet Switched 
Telephone Network (PSTN) format when the remote second gateway is not configured for 
end-to-end secure transport; and 

transferring the formatted media over the circuit switched network for re-encryption
at the remote second gateway.

including establishing a data channel over the circuit switched network and using a
Point to Point Protocol over the data channel to establish the IP link.

3. (Currently Amended) The method according to claim 1 including establishing 
a data channel over the circuit switched network and using a Point to Point Protocol over the 
data channel to establish the IP link claim 2 including establishing the data channel over an
Integrated Services Digital Network (ISDN) channel of a Public Services Telephone
Network.

4. (Currently Amended) A method according to claim 3 including establishing 
the data channel over an Integrated Services Digital Network (ISDN) channel of the circuit 
switched network claim 4 including transporting the revised encrypted IP media packets over
a packet switched network without decrypting or decoding the media that includes voice data.

5. (Cancelled) 

6. (Cancelled) 

7. (Currently Amended) A method according to claim 1 including: 
authenticating the second gateway an ingress device associated with the IP media packets;

sending a first encrypted key associated with the source a first endpoint over the
circuit switched network to the authenticated second gateway ingress device;

receiving a second encrypted key over the circuit switched network from the
authenticated second gateway ingress device associated with a second endpoint;

decrypting the second key and forwarding the decrypted second key over the [[a]]
packet switched network to the source first endpoint;

encrypting the media packets at the source first endpoint using the first key according
to the signals, the encrypted media packets directed to a destination the second endpoint
using the first key; and

decrypting the revised encrypted IP media packets received at the source first
endpoint received from the second endpoint using the second key.

8. (Currently Amended) A method according to claim 1 including encrypting 
the [[IP]] media packets only once at the source a first sending endpoint and decrypting the
[[IP]] media packets only once at a receiving second endpoint. 

9. (Currently Amended) A method according to claim 1 including: 
encrypting the [[IP]] media packets using a Secure Real-time Transport Protocol (SRTP);

establishing a Point to Point Protocol (PPP) connection over an Integrated Services
Digital Network (ISDN) channel in the circuit switched network; and

sending the SRTP encrypted IP media packets over the PPP connection. 

10. (Currently Amended) A network processing device, comprising:

a processor configured to establish a connection an Internet Protocol (IP) link for 
transferring encrypted IP packet payloads over a circuit switched network, the IP link 
extending across the circuit switched network and between the network processing device 
and a remote gateway that is located between a packet switched network and the same or 
another circuit switched network two endpoints that extends over an Internet Protocol (IP)
network and a circuit switched network [[,]];

the processor forwarding packets having an encrypted IP packet payload between the
two endpoints over the IP link without decrypting the encrypted IP packet payload when
transferred between the IP network and circuit switched network.

11. (Cancelled)

12. (Currently Amended) A network processing device according to claim 10
wherein the processor compresses the forwarded packets using selects a first codec when
forwarding other IP packet payloads that are decrypted for transport over a PSTN connection
in the circuit switched network and selects a second a first data compression codec having
greater data compression capability than with higher compression than the first codec when a
second data compression codec used by the processor for other traffic that is the encrypted IP
packet payload is not decrypted before forwarding and transported over a data link in the
circuit switched network.

13. (Currently Amended) A network processing device according to claim 10 
including a memory containing a dial plan for identifying phone numbers that can be 
transferred between the packet switched [[IP]] network and the circuit switched network 
without decrypting the encrypted IP packet payload. 

14. (Currently Amended) A network processing device according to claim 10 
including memory for storing a shared key shared with the remote gateway an ingress device 
located at an ingress side of the IP network, the processor receiving a first key from a first
endpoint, encrypting the first key using the shared key and sending the encrypted first key to
the remote gateway ingress device.

15. (Currently Amended) A network processing device according to claim 14 
wherein the processor receives a second encrypted key from the remote gateway ingress
device, the processor decrypting the second encrypted key using the shared key and then
forwarding the second decrypted key to the first endpoint. 

16. (Currently Amended) A network processing device according to claim 10 
wherein the processor conducts a Point to Point Protocol over an Integrated Services Digital 
Network (ISDN) channel for establishing the [[an]] IP link over the circuit switched network 
and then forwards Secure Real-time Transport Protocol (SRTP) encrypted IP packet payloads 
over the IP link.

17. (Currently Amended) A method for transporting encrypted media,
comprising: 

receiving a call request over a packet switched network at a first gateway that is 
located between the packet switched network and a circuit switched network; 

determining whether a second on-path gateway includes a capability for end-to-end
secure real-time transport in response to receiving the call request; 

transferring the encrypted media packets over an Internet Protocol (IP) connection 
that traverses the circuit switched network and extends between the first and second gateways 
when the second gateway includes the capability for end-to-end secure real-time transport; 
and 

converting the received encrypted media packets to a Publicly Switched Telephone 
Network (PSTN) format for transmission across a different connection that also traverses the 
circuit switched network when the second gateway does not include the capability for end-to- 
end secure real-time transport, 

receiving call requests from endpoints;

identifying call requests requiring media encryption;

directing endpoints for the identified call requests to encrypt media using an Internet
Protocol (IP) encryption protocol;

identifying the call requests that also require connections over a Public Services
Telephone Network (PSTN);

establishing data links over the PSTN for the identified call requests;

receiving encrypted packets corresponding to the IP encrypted media from the
endpoints for the identified call requests, the encrypted packets having encryption on a
transport layer four header that does not encrypt a lower layer header;

formatting the lower layer header while preserving the encryption on the transport
layer four header; and

forwarding the formatted IP encrypted media over the data links established on the

18. (Currently Amended) The method according to claim 17 including: 
authenticating the call request with the second gateway identified call requests with
ingress gateways;

conducting Point-to-Point Protocol (PPP) sessions with the second gateway ingress
gateways when the second gateway ingress gateways is [[are]] authenticated; and

exchanging encryption keys with the second gateway ingress gateways during the
PPP session.

19. (Currently Amended) The method according to claim 18 including:
encrypting the encryption keys using keys shared with the second gateway ingress
gateways; and

sending the encrypted encryption keys key to the second gateway ingress gateways.

20. (Currently Amended) An apparatus, comprising: 
one or more processors; and 

a memory coupled to the processors comprising instructions executable by the 
processors, the processors operable when executing the instructions to: 

receive media packets over a packet switched network at a first gateway that is 
located between the packet switched network and a circuit switched network, the media 
packets encrypted with a protocol for encrypting real-time media; 

determine whether a remote second gateway is configured for end-to-end secure real- 
time transport before establishing an Internet Protocol (IP) connection over the circuit 
switched network and to the remote second gateway; and 

transfer the encrypted media packets over the established IP connection when the 
remote second gateway is configured for end-to-end secure real-time transport. 

receive packets over a packet switched network, the packets having first and second
headers excluded from encryption for a third header and a payload;

format the first and second headers without decrypting the encryption for the third
header and the payload such that the third header and the payload remain encrypted during
transfer between the endpoints;

establish a connection over a circuit switched network to a remote network device;

and

send the packets having the formatted first and second headers and the encrypted third
header and payload on the connection over the circuit switched network.

21. (Currently Amended) The apparatus of claim 20 wherein the processors are
further operable to: 

compare a phone number included in a call request for the media packets with a dial 
plan; and

send a signal that causes a source endpoint for the media packets to encrypt the media
packets with the protocol when the phone number corresponds with the dial plan.

wherein the first header is according to the Internet Protocol (IP), the second header is
according to the User Datagram Protocol (UDP) and the third header is according to a secure
real time protocol.

22. (Currently Amended) The apparatus of claim 20 wherein the encrypted media 
packets include payload includes voice data such that the voice data is securely transported 
across both the circuit switched network and the packet switched network without 
intermediary decryption. 

23. (Currently Amended) The network processing device of claim 10 wherein the 
processor is further configured to: 

identify one or more Internet Protocol (IP) network layer headers included in the 
packets; 

remove the IP network layer headers while preserving encryption on one or more 
Secure Real-time Transport Protocol (SRTP) transport layer headers and a corresponding 
payload; 

locally generate one or more new IP network layer headers; 

attach the generated IP headers to the encrypted SRTP transport layer headers and the 
encrypted corresponding payload; and 

forward the packets having the locally generated IP headers, the encrypted SRTP 
transport layer headers and the encrypted corresponding payload over the IP connection.
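
The header swap recited in claim 23, as an added Python example that is not part of the application: it discards the received IPv4 header, generates a new one locally, and copies the bytes that follow (the UDP and SRTP portion) without parsing or decrypting them. The function names, the constructed sample packet and the choice to keep the original addresses are assumptions of this example.

```python
import ipaddress
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 over a header that is already valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src, dst, payload_len, ttl=64, ident=0, proto=17) -> bytes:
    """Locally generate a 20-byte IPv4 header (no options, flags clear)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def reheader(packet: bytes, ttl=64, ident=0) -> bytes:
    """Swap the IPv4 header; everything after it is copied byte-for-byte, never parsed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent header or total length")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if frag & 0x3FFF:  # MF flag or non-zero offset: refuse rather than mis-frame a fragment
        raise ValueError("fragmented packet")
    opaque = packet[ihl:total_len]  # UDP + SRTP bytes, treated as an opaque blob
    # Assumption: addresses are kept, so the UDP checksum (which covers them) stays valid.
    return build_ipv4_header(packet[12:16], packet[16:20], len(opaque),
                             ttl, ident, packet[9]) + opaque

def make_sample() -> bytes:
    """Constructed input: IPv4 + UDP + 40 placeholder bytes standing in for an SRTP packet."""
    srtp_stand_in = bytes(range(40))
    udp = struct.pack("!HHHH", 5004, 5004, 8 + len(srtp_stand_in), 0)
    body = udp + srtp_stand_in
    return build_ipv4_header("192.0.2.10", "198.51.100.20", len(body), ttl=64, ident=1) + body

if __name__ == "__main__":
    before = make_sample()
    after = reheader(before, ttl=32, ident=7)
    print("payload untouched:", after[20:] == before[20:])
    print("new header valid: ", ipv4_checksum(after[:20]) == 0)
```
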

24. (Currently Amended) The network processing device according to claim 10 
where the processor is further configured to: 

receive a pre-configuring out-of-band communication that provides a secret that is 
shared with the [[a]] remote gateway located between the circuit switched network and the
packet switched network;

receive a first key sent from a calling endpoint and usable for decrypting the 
encrypted IP packet payload; 

encrypt the first key using the secret; 

send the encrypted first key to the remote gateway;

receive a second key that corresponds to a value stored on a called endpoint and that
is encrypted by the remote gateway using the secret; 

decrypt the received encrypted second key using the secret; and 
send the decrypted second key to the calling endpoint. 

25. (New) A system, comprising: 

first and second network devices, at least one of the first and second network devices 
located between a packet switched network and a circuit switched network; 

the first network device to receive encrypted media packets from a source endpoint; and

the first network device to transfer the encrypted media packets over a connection 
extending through the circuit switched network and extending to the second network device 
for forwarding to a destination endpoint without decryption by the second network device; 

wherein the encrypted media packets are sent from the source endpoint to the 
destination endpoint over a call path that extends across both the packet switched network 
and the circuit switched network without decryption by any intermediary devices located on 
the call path. 

26. (New) The system of claim 25 wherein the encrypted media packets represent 
video to be played out at the destination endpoint. 

27. (New) The system of claim 25 wherein both the first and second network 
devices are gateways located between the circuit switched network and the packet switched 
network. 

28. (New) The system of claim 25 further comprising: 

a third network device located between the circuit switched network and the packet 
switched network; 

the first network device to determine whether the third network device is capable of 
an End-to-End Secure Real-time Transport Protocol (EE-SRTP) protocol; and 

the first network device to decrypt packetized information for local conversion into a 
Publicly Switched Telephone Network (PSTN) format when the third network device is not 
capable of the EE-SRTP protocol; and

the first network device to transfer the decrypted and converted information over the
circuit switched network to the third network device for forwarding to a destination address 
location in the packet switched network. 

29. (New) The system of claim 28 wherein the first network device is configured 
to determine whether the third network device is capable of an End-to-End Secure Real-time 
Transport Protocol (EE-SRTP) protocol by accessing a dial plan stored locally on the first 
network device.